AllyLane

OK all done. The system is still lagging. One of the other problems I am having is with iTunes. I am unable to uninstall it due to the Registry Key having been locked somehow - looking at info on Apple's forums it seems that this problem happens with a certain infection. This makes me wonder what else in the Registry has been changed.

Forgot to mention that the desktop.ini files are hidden files.

I have uninstalled DriverMax. Other scan logs are attached. Also, two files called Desktop.ini have appeared on my desktop (text files). Any idea what these might be? Still lagging terribly. I have also noticed that my browser home page seems hijacked when I open IE. I have had this problem before and it was associated with malware. When I open IE and go to home page (which is currently Google), a brief text message in the top let corner appears on a blank white screen, too quick to read, then goes to Google. I now don't have Java obviously - when should I install that again? AdwCleanerS1.txt JavaRa.log Fixlog.txt

Hi Ron. Scans done, logs attached. AllyLane JRT.txt AdwCleanerR0.txt ESET Found Threats.txt Mbam Scan Log 20 Oct 14.txt FRST.txt Addition.txt

Thanks Ron. Please find attched logs. I have also done the same scans on my second laptop, and have found some similar results. Should I post a new topic for that machine with the FRST/Addition logs? AllyLane Rkill.txt Mbam Scan Log 15 Oct 14.txt RKreport_SCN_10152014_154419.log

Hi FD, So sorry, I just realised I haven't replied to this! I uninstalled and reinstalled MB Pro, and it is now updating correctly. Many thanks!

Hi Guys, I run Malwarebytes Pro, and have done for some time now. I noticed my system really lagging and hanging over the past couple of weeks. It is getting worse. Last time it did this, we ran scans and found a heap of nasty stuff. I have attached logs from Farbar. Thanks in anticipation, allylane PS I would love some updated advice as to the programs I can run ongoing without them clashing, ie: MB Pro while running Windows Defender and Microsoft Security Essentials. Unsure? Thanks. FRST.txt Addition.txt

Hi, I use MBAM Pro 2.0.2.1012. I previously used to get database updates every couple of days (it was set to notify if 3 days over). I now have not had a request to update for literally weeks yet I have it set to notify after 1 day. I am worried that it may not be working properly? I am pretty sure I don't have it set to update automatically. Surely the database has been updated in that time? I am running W 7. Thanks so much.

Thanks for your reply. Report is below: ___________________________________ RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Nicki [Admin rights] Mode : Scan -- Date : 09/11/2013 17:38:46 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++ --- User --- [MBR] dcb04c57433b1e7648b8e2e1f5dc740f [bSP] 660a2b49ecb25526431c36966b4eef73 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 702299 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1441382400 | Size: 11604 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09112013_173846.txt >>

Hello! Have been working on my Dad's computer, on which we have Malwarebytes Pro. He unwittingly installed Bing Desktop, and now we can't get rid of it. Have tried all the normal uninstall pathways: Add or Remove Programs, regedit, etc but still the Bing screensaver remains and other remnants are evident. While Bing is not malware itself, it seems to allow a host of malware through and won't allow a bunch of programs to run normally. Searches on google also seem to be affected. Not much seems to show on Task Manager/Processes. Can you pretty please help me to remove this nasty annoying stuff? Files are attached. Many many thanks! Nickers dds.txt attach.txt

OK all done. None of the files you listed were in those locations (hidden or shown). The JRT log is attached. The AdwCleaner log is attached. Tha MBAM report is attached, and nothing was found, although I did delete 2 quarantined listings for file cscomp.dll. ESET scanner found no items, and it did not give me the option of generating a report. As far as I can find (searched computer) no report or log was generated either. JRT.txt AdwCleanerS1.txt mbam-log-2012-12-21 (11-49-56).txt

Thanks heaps for getting back to me! It's really no problem, I know how busy you must be and we appreciate you having kept this thread open for us. The log is attached. Unfortunately I cannot copy and paste contents directly into post as this causes Blue Screen when large amounts are copied to clipboard. Cheers cflog.txt

After some trouble connecting remotely, we have managed to run both scans. Logs attached. Malwarebytes detected Trojan.Agent. Cleaned up after first scan, then rebooted. Ran second time and detected the same trojan. I read elsewhere (this forum) that a reboot will reanimate this particular virus. Following second MWB scan we did not reboot. I am purchasing MWB Pro for my computer - will having that on this machine assist with a clean reboot? Ran ESET scanner. Found 6 threats, of which 3 were cleaned. Program was closed without deleting quarantined files. So, at this point, the computer has been left on without restarting after either of the above 2 scans. Thanks heaps ESETSCAN.txt mbar-log-2012-12-14 (15-37-05).txt mbar-log-2012-12-14 (15-56-27).txt system-log.txt

Yes please! I have just been in touch with my Dad today and have organised a remote session in a couple of hours' time. Following that I will post some more scan results. Thanks so much for keeping this open!

OK cool. Could you please leave this thread open for me. My Dad is returning to his home town and I will recommence assistance for his computer remotely. This will happen within 48 hours. Thanks!

OK all done. Thanks so much for your time MrC, it is very much appreciated and I have learned a lot from this episode! Smarter computing for me from now on... I don't have any more questions. Thanks heaps!

It is running much better. I have also been going through your post on Preventative Maintenance (found it on another post) and have updated everything. I have installed Do Not Track Plus and Cookienator as I have had so much trouble with tracking cookies. CPU usage is down to around 12% and memory around 39%, so much lower on both. Programs are loading quicker and browser is fast. I have tried to install settings for OpenDNS but having trouble, so am gaining some help on their forum. My other concern I guess is how things will go once I restore my old files etc which were backed up. I am seriously considering buying Pro Malwarebytes as I clearly need better real-time protection than Norton alone. I had a great deal of trouble downloading and installing Adobe Reader XI, which makes me wonder if something is still here. I will switch to Foxit Reader instead I think. Log is attached for Adw. AdwCleanerR1.txt

Done. Log is attached. ComboFix.txt

Done, Log attached. ComboFix.txt

OK it worked in safe mode instead. Logs attached. FRST.txt Search.txt

Got as far as the command prompt, opened notepad and could not see my flash drive at all.

Hi guys, I am currently assisting my Dad with cleaning his computer. It is recurrently going to blue screen, ISP software won't load or suddenly stops, IE continually freezes, and there are dozens and dozens of copies of svchost.exe running which result in using over 60% of memory, even without any processes or programs loaded. Also DWM processes do not add up to the amount of private resource in use. Plug and play drivers also disappear intermittently, which is why I am suspicious. I had the same trouble on my own laptop and recently had to resort to a complete reinstall of the OS. Hoping to get out of that here. Logs attached as clipboard will just not cope and results in blue screen every time. I would really appreciate your help please! _________________________________________ dds.txt attach.txt

OK done, logs attached. Nothing found apparently. Also, Norton keeps blocking a computer trying to access my svchost.exe file. Is it possible that someone has seen me come back online and is trying to reinfect my system? What can I do about this? Yes I am in Australia. mbar-log-2012-11-30 (14-45-51).txt system-log.txt

Done, log attached RKreport1_S_11302012_02d1101.txt

Sorry I haven't been in touch. I had to do a complete reinstall of OS. I found that the virus was affecting my svchost.exe and had somehow deleted the plug and play capabilities, and eventually I couldn't get onto the net or anything. However, I am still very suspicious. Norton IS is detecting/blocking attempts to connect to my computer and access the above file. What can I do from here to make sure the virus is gone, and also to protect the new system from future infection? Norton didn't get to this thing in the first place. I need something which will protect me from it early on. Thanks!